Scammers are calling us less, but the financial losses keep climbing

Believe it or not, there’s been a massive reduction in scam robocalls over the past few years. According to according to stats we gathered across millions of data points, scam calls are down roughly 75% since the Fall of 2021-- from more than 2 billion every month to roughly 500 million every month currently. That’s a massive decline, and it appears to be great news.

So why does it feel like we’re in more danger, not less?

Because we are.

Total losses

In 2021, the Federal Trade Commission reported the total losses from scams starting with a phone call were approximately $692 million, with a median loss of about $1,200 per victim. By 2024, those numbers had risen to $948 million, and a median loss of $1,500. Simple back-of-the-envelope math shows 25% of the calls led to 37% higher losses. In other words, the scammers have become roughly five to six times more efficient in their scamming ability from phone calls. They are making more money, with fewer calls and taking more from every victim.

That’s not great.

How do scammers do this? The answer is surprisingly simple: they became very efficient marketers.

Scammers used to simply “dial for dollars,” calling one number after another, hoping to find vulnerable targets. That approach meant making calls to a lot of people who were irrelevant to the scam. Now, they are much smarter and more strategic.

They often use curated lists of potential victims. If they want to run a banking scam, they can call everyone hoping to find customers of the bank, or scammers can obtain that bank’s customer list and launch a call campaign in which they impersonate that particular bank.

And that’s exactly what they’re doing.

Getting information

Where do scammers get this information? They can simply go to the dark web, to find the results of data breaches that have exposed the personal details of millions. Breaches provide scammers with names, phone numbers, email addresses and even account details—everything they need to convincingly impersonate a trusted entity such as a bank. If scammers want to target an enterprise, they can easily get a list of employees, and call their personal cell phones.

The sheer volume of data breaches in recent years means much of our personal information is essentially public. Phone numbers, e-mail addresses, Social Security numbers, credit card details, account numbers, medical records—the list goes on. With all that data in hand, it’s not hard to find the right targets with the right information to sound legitimate. After that, scammers can follow their script and pressure victims to transfer funds quickly or take some other problematic action.

So what to do?

Short answer

The short answer for individuals is that you must assume your identity is already out there. The genie is out of the bottle, and pretending otherwise only puts you at greater risk. The real question isn’t how to hide your identity-- it’s how to operate safely in a world where your personal and professional information is already exposed.

Assume attackers know more than they should. They’re using publicly available data to impersonate company leaders, target employees, and launch social engineering campaigns that feel alarmingly real. Add in voice cloning and A.I.-generated deepfakes, and the risk multiplies quickly.

That means you need to be skeptical, not scared. Focus less on chasing privacy and focus more on proactive protection. Assume that all unexpected inbound calls are potential fraud. Use technology like smart call blockers that can help filter out scams.

And always validate the caller by hanging up and calling their institution on a number provided to you by a legitimate source. If they say they’re a bank, call the bank directly. If a caller says they’re from your company, make a call to a number provided by your employer.

Conclusion

While individuals must take those actions to protect themselves, business also play a major role in reducing the risks of scams. That should start with programs educating employees on how to recognize suspicious calls and impersonation tactics. Encourage employees to verify any unexpected requests, especially anything related to financial transactions and sensitive data. A quick phone call to a supervisor can prevent a costly mistake.

The bad guys are only going to get better at their jobs. Your private information is only going to become more public. But if you stay vigilant and take the right precautions, you can protect yourself and avoid becoming the next victim.

We list the best identity theft protection.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro